1. Field of the Invention
The present invention relates to communications; more specifically, the updating of keys or other information used by communicating parties.
2. Description of Related Art
A typical wireless communications system provides wireless communications services to wireless units within a geographic region. A Mobile Switching Center (MSC) is responsible for, among other things, establishing and maintaining calls between the wireless units and calls between a wireless unit and a wireline unit. As such, the MSC interconnects the wireless units within its geographic region with a public switched telephone network. The geographic area serviced by the MSC is divided into spatially distinct areas called “cells.” Each cell is schematically represented by one hexagon in a honeycomb pattern; in practice, however, each cell has an irregular shape that depends on the topography of the terrain surrounding the cell. Typically, each cell contains a base station, which comprises the radios and antennas that the base station uses to communicate with the wireless units in that cell. The base stations also comprise the transmission equipment that the base station uses to communicate with the MSC in the geographic area.
The MSC use a signaling network, which enables the exchange of information about the wireless units within the respective geographic service area for location validation and call delivery to wireless units which are roaming in other geographic service areas. When a wireless unit attempts communications with the wireless communications system, the wireless communications system authenticates or verifies the wireless unit's identity before allowing the wireless unit access to the wireless communication system. FIG. 1 depicts a portion of a typical wireless communications system 5 which provides wireless communications services through a base station 10 to a geographic region 12, such as a cell or sector, associated with the base station 10. When a wireless unit 14 within the cell 12 first registers or attempts communications with the base station 10, the wireless unit 14 is authenticated or the wireless unit's identity is verified before allowing the wireless unit 14 access to the wireless communication system. The home network or home communications system for the wireless unit 14 can be a collection of cells making up a cellular geographic service area where the wireless unit 14 resides and is typically the network controlled by the service provider that has contracted with the wireless unit's owner to provide wireless communication services. When wireless unit 14 is in a network other than its home network, it is referred to as being in a visiting communications network or system. If the wireless unit 14 is operating in the visiting communication system, the authentication of the wireless unit by base station 10 will involve communicating with a home authentication center 16 of the wireless unit's home communications system. The home authentication center 16 can be a stand-alone center or connected to, associated with, integrated with and/or co-located with the MSC associated with the home communications system (the home MSC), and the visiting authentication center 18 can be in a stand-alone center or connected to, associated with, integrated with and/or co-located with the MSC associated with the visiting communications system (the visited MSC).
In the example of FIG. 1, the wireless unit 14 is in a visiting communications system. As a result, the authentication of the wireless unit 14 involves communicating with the home authentication center 16 of the wireless unit's home communications system. When the wireless unit 14 attempts to access the visiting communications system, base station 10 communicates with a visiting authentication center 18 of the visiting communication system. The visiting authentication center 18 determines from a wireless unit or terminal identifier, such as the telephone number of wireless unit 14, that the wireless unit 14 is registered with a system that uses home authentication center 16. Visiting authentication center 18 then communicates with home authentication center 16 over a network, such as a signaling network 20 under the standard identified as TIA/EIA-41-D entitled “Cellular Radiotelecommunications Intersystem Operations,” December 1997 (“IS-41”).
Home authentication center 16 then accesses a home location register (HLR) 22 which has a registration entry for wireless unit 14. Home location register 22 may be associated with the wireless unit by an identifier such as the wireless unit's telephone number. The information contained in the home location register 22 can include and/or is used to generate authentication and/or encryption keys, such as a shared secret data (SSD) or communications key used to further secure communications between the wireless unit and the communications system. In a typical wireless communications system, both the wireless unit and the wireless communications system have a secret value called A-KEY. The wireless communications system uses the A-KEY and a randomly generated sequence RANDSSD to generate a shared secret data (SSD) value or communications key. The communications key SSD can be divided into communications keys having different functions, for example an authentication key SSD-A (Shared Secret Data A) and an encryption key SSD-B (Shared Secret Data B). The SSD-A value is used for authentication procedures, and the SSD-B value is used for key generation and encryption procedures.
To authenticate the wireless unit 14 attempting access to the visiting communications system, the home communications system supplies information, such as a random number sequence or challenge RAND, to the visiting communications system which transmits the random number RAND to the wireless unit 14 so that wireless unit 14 can respond with a signature value AUTHR derived using the authentication key (SSD-A) and the random number RAND. If the home communications system does not share the communications key with the visiting communications system, the signature value AUTHR generated by the wireless unit is sent to the home communications system to be compared with a signature value AUTHR generated at the home communications system in the same manner as the unit 14. If the signature values match, the wireless unit 14 is authenticated.
If the home authentication center 16 determines that the communications key value SSD needs to be updated, for example because certain criteria indicate that the SSD may be compromised, the SSD value associated with the wireless unit 14 can be updated. FIG. 2 shows the SSD update procedure followed by the standard identified as TIA/EIA-95-B entitled “Mobile Station-Base Station Compatibility Standard for Dual-Mode Spread Spectrum Systems” (“IS-95B”) between the wireless unit and the wireless communications system. The wireless communications system can include the serving base station, the visiting authentication center, the visitor location register, the home authentication center, the home location register, the visited MSC and/or the home MSC.
To initiate the key update in this embodiment, the home authentication center 16 creates an update sequence RANDSSD. Using the RANDSSD sequence, the A-key and the ESN of the wireless unit as inputs to a cryptographic function, such as a SSD generation procedure 30, the home authentication center 16 generates a new key value (SSD-NEW). The home authentication center sends the RANDSSD sequence through the visiting authentication center and the serving base station in an update message, such as an SSD update message 32, to the wireless unit 14. The wireless unit 14 provides the RANDSSD sequence received from the communications system and generates the new communications key in the same manner as the communications system. For example, the wireless unit 14 provides RANDSSD, the A-key and the electronic serial number (ESN), which are stored at the wireless unit, to a cryptographic function, such as an SSD key generation procedure 34. The SSD key generation procedure 34 generates the SSD-NEW which is divided into SSD-A-NEW and SSD-B-NEW. The SSD generation procedures 30 and 34 implement the CAVE algorithm using a random number RANDSSD, ESN and the value A-KEY as inputs. The CAVE algorithm is well known in the art as a one-way function which inhibits the determination of the inputs to the function given the output.
Before accepting the new SSD values to be used in authentication and encryption procedures, the wireless unit validates the SSD-NEW and thereby authenticates the communications system. To do so, the wireless unit generates a random number RANDBS challenge at block 36. The wireless unit provides RANDBS and SSD-A-NEW along with additional data, such as the ESN and/or an AUTH_DATA string derived from an international mobile station identification number (IMSI), to a cryptographic function, such as a signature procedure 38. The signature procedure 38 generates the signature value AUTHBS. The wireless unit also sends the RANDBS to the wireless communications system, for example as part of a base station challenge 37. Using a corresponding cryptographic function, such as a signature procedure 40, the wireless communications system derives AUTHBS using RANDBS from the wireless unit, SSD-A-NEW from the SSD generation procedure 30 and the additional data, such as the ESN and/or the AUTH_DATA, used by the wireless unit to derive AUTHBS.
The wireless communications system sends the AUTHBS value generated by the signature procedure 40 to the wireless unit, for example in a base station challenge confirmation order 41. At block 42, the wireless unit compares the AUTHBS value generated at the wireless unit with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit 14 directly validates the SSD-NEW and thereby authenticates the communications system. The wireless unit 14 sets the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW. The wireless unit then sends an SSD update confirmation 43 to the home authentication center indicating successful completion of the SSD update. Upon receipt of the SSD update confirmation, the home authentication center sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system.
After the SSD update procedure, the wireless communications system typically authenticates the wireless unit to ensure the validity of the new SSD key value, for example to ensure that the wireless unit has properly calculated the new SSD key. The wireless communications system generates a sequence, such as a random challenge RANDU, and sends the sequence RANDU to the wireless unit, for example in an authentication challenge message 44. Upon receipt of the authentication challenge message 44, the wireless unit 14 provides at least a portion of sequence RANDU to a cryptographic function, for example to an authentication signature procedure 46 with the inputs ESN, AUTH_DATA, SSD-A and a RAND_CHALLENGE derived from RANDU and IMSI. The authentication signature procedure 46 generates the authentication signature value AUTHU as the output of the CAVE algorithm using the RAND_CHALLENGE, ESN, AUTH_DATA and SSD-A as inputs. The wireless communications system generates the authentication signature value AUTHU using the authentication signature procedure 48 in the same fashion. The wireless unit then transmits the value AUTHU calculated by the wireless unit to the wireless communications system. The wireless communications system compares the value AUTHU calculated by the system and the AUTHU value received from the wireless unit at block 50. If the values match, the wireless communications system has validated the new SSD value, and the wireless unit is authenticated.
If the wireless unit 14 is in a visiting communications system and the home communications system does not share the new communications key SSD-NEW with the visiting communications system for whatever reason, the visiting communications system merely acts as a conduit for communications between the wireless unit and the home communications system. As such, the above-described key update requires extensive communications between the home communications system and the visiting communications system in order for the wireless unit to authenticate the communications system. Additionally, the key update in the above scheme is followed by a separate authentication of the wireless unit by the communications system to ensure the validity of the SSD, thereby authenticating the wireless unit from the perspective of the communications system. Although providing mutual authentication of the wireless unit and the communications system, the separate authentication provides additional communications between the visiting communications system and the home communications system.
For example, FIG. 3A shows how a wireless unit 14 is authenticated within a visiting communications system that is compatible with the IS-41 signaling standard. Both the wireless unit 14 and a home communications system 60 contain a secret value called A-KEY. When the wireless unit 14 requests access to a visiting system 62, the visiting system 62 requests data from the home system 60. In this embodiment, the home location register 22 (FIG. 1) associated with the wireless unit 14 is located using an identifier, such as the wireless unit's telephone number. The HLR 22 for the wireless unit 14 stores the secret value or key A-KEY which is used to generate the new communications key SSD-NEW. The SSD-NEW can be calculated by performing a CAVE algorithm using at least the sequence RANDSSD and the A-KEY as inputs. The CAVE algorithm is well known in the art and is specified in the IS-41 standard.
The home system 60 transfers the value RANDSSD to the visiting system, and the visiting system transmits the RANDSSD value to the wireless unit 14. The wireless unit 14 then calculates SSD in the same fashion as calculated by the home system 60 as shown by the equation SSD-A-NEW, SSD-B-NEW=CAVEA-KEY(RANDSSD). The wireless unit 14 then sends the value RANDBS to the visiting system 62, and the visiting system 62 sends the value RANDBS to the home system 60. Using a corresponding cryptographic function, the home system 60 derives AUTHBS using RANDBS from the wireless unit 14. The home system 60 sends the AUTHBS value to the visiting system 62, and the visiting system 62 sends the AUTHBS value to the wireless unit 14. The communication of RANDBS to the home system 60 and the reply of the AUTHBS from the home system is a transaction which can be referred to as an authentication request or base station challenge. The wireless unit 14 compares the AUTHBS value generated at the wireless unit 14 with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit will set the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW. The wireless unit then sends an SSD update confirmation order to the home system 60 through the visiting system 62 indicating successful completion of the SSD update. The communication of RANDSSD from the home system 60 and the receipt of the SSD update confirmation is a transaction which can be referred to as an authentication directive (AUTHDIR). Upon receipt of the SSD update confirmation order, the home system 60 sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system.
Afterward, in the embodiment of FIG. 3A, the home system 60 initiates what can be referred to as a second authentication directive challenging the wireless unit 14 by sending a random number challenge RANDU to the wireless unit 14. The home system 60 sends the value RANDU to the visiting system 62 which sends the value RANDU to the wireless unit 14. Both the wireless unit 14 and home system 60 calculate the value AUTHU where AUTHU is equal to the output of a cryptographic function, such as the CAVE algorithm, using the random number RANDU and the SSD-A value as inputs as shown by AUTHU=CAVESSD-A(RAND). The wireless unit 14 then sends the calculated value AUTHU to the visiting system 62, and the visiting system 62 sends the AUTHU value received from the wireless unit 14 to the home system 60. If the value AUTHU from the wireless unit 14 matches with the AUTHU value calculated at the home system 60, the new SSD value is validated from the perspective of the home system 60, and the wireless unit 14 is authenticated and given access to the visiting system.
FIG. 3B shows an alternative implementation for performing an update of the SSD key in which the authentication of the home system and the wireless unit is performed. In this implementation, the home system 60 generates the value RANDSSD then calculates SSD-A-NEW as shown by the equation SSD-A-NEW, SSD-B-NEW=CAVEA-KEY(RANDSSD). The home system can also generate the value RANDU, and given SSD-A-NEW, the home system 60 can calculate AUTHU. The home system then sends RANDSSD along with RANDU and AUTHU to the visiting system 62. The visiting system 62 then forwards RANDSSD to the wireless unit 14 for the wireless unit to calculate SSD-A-NEW. The wireless unit 14 then sends the value RANDBS to the visiting system 62, and the visiting system 62 sends the value RANDBS to the home system 60. Using a corresponding cryptographic function, the home system 60 derives AUTHBS using RANDBS from the wireless unit 14. The home system 60 sends the AUTHBS value to the visiting system 62, and the visiting system 62 sends the AUTHBS value to the wireless unit 14. The wireless unit 14 compares the AUTHBS value generated at the wireless unit 14 with the AUTHBS value sent from the system. If the comparison is successful, the wireless unit will set the SSD-A value to SSD-A-NEW and the SSD-B value to SSD-B-NEW.
The wireless unit then sends an SSD update confirmation order to the home system 60 through the visiting system 62 indicating successful completion of the SSD update. Upon receipt of the SSD update confirmation order, the home system 60 sets SSD-A and SSD-B to the SSD-A-NEW and SSD-B-NEW values generated by the system. Now, because RANDU and AUTHU are already at the visiting system 62, the visiting system 62 sends RANDU to the wireless unit 14. The wireless unit 14 uses the RANDU value to calculate AUTHU and send AUTHU to the visiting system 62. If the value AUTHU from the wireless unit 14 matches with the AUTHU value calculated at the home system 60, the visiting system 62 sends an authentication report to the home system 60 regarding the SSD update to which the home system 60 responds with an acknowledgment (ACK) signal.
The above described key update and/or the subsequent authentication of the wireless unit use a significant number of communications between the home system and the visiting system which consume system resources if the home communications system retains the communications key.